diff --git a/services/mana-core-auth/src/auth/better-auth.config.ts b/services/mana-core-auth/src/auth/better-auth.config.ts index 8fec0c89a..905b99042 100644 --- a/services/mana-core-auth/src/auth/better-auth.config.ts +++ b/services/mana-core-auth/src/auth/better-auth.config.ts @@ -22,7 +22,11 @@ import { getDb } from '../db/connection'; import { organizations, members, invitations } from '../db/schema/organizations.schema'; import { users, sessions, accounts, verificationTokens, jwks } from '../db/schema/auth.schema'; import type { JWTPayloadContext } from './types/better-auth.types'; -import { sendPasswordResetEmail, sendInvitationEmail } from '../email/email.service'; +import { + sendPasswordResetEmail, + sendInvitationEmail, + sendVerificationEmail, +} from '../email/email.service'; /** * JWT Custom Payload Interface @@ -81,19 +85,29 @@ export function createBetterAuth(databaseUrl: string) { }, }), - // Email/password authentication with password reset + // Email/password authentication with email verification and password reset emailAndPassword: { enabled: true, - requireEmailVerification: false, // Can enable later + requireEmailVerification: true, minPasswordLength: 8, maxPasswordLength: 128, + /** + * Email Verification + * + * Sends verification email when user registers. + * User must verify email before they can log in. + */ + sendVerificationEmail: async ({ user, url }) => { + await sendVerificationEmail(user.email, url, user.name); + }, + /** * Password Reset Configuration * * Better Auth provides password reset via: - * - auth.api.forgetPassword({ email }) - Sends reset email - * - auth.api.resetPassword({ newPassword, token }) - Resets password + * - auth.api.requestPasswordReset({ body: { email } }) - Sends reset email + * - auth.api.resetPassword({ body: { newPassword, token } }) - Resets password * * @see https://www.better-auth.com/docs/authentication/email-password#password-reset */ diff --git a/services/mana-core-auth/src/email/email.service.ts b/services/mana-core-auth/src/email/email.service.ts index 59d652ba2..d8e910eb1 100644 --- a/services/mana-core-auth/src/email/email.service.ts +++ b/services/mana-core-auth/src/email/email.service.ts @@ -176,6 +176,54 @@ export async function sendInvitationEmail( }); } +/** + * Send email verification email + */ +export async function sendVerificationEmail( + email: string, + verificationUrl: string, + userName?: string +): Promise { + const name = userName || email.split('@')[0]; + + return sendEmail({ + to: email, + subject: 'E-Mail bestätigen - ManaCore', + html: ` + + + + + + + +
+

ManaCore

+
+ +

Hallo ${name},

+ +

Willkommen bei ManaCore! Bitte bestätige deine E-Mail-Adresse, um deinen Account zu aktivieren:

+ +
+ E-Mail bestätigen +
+ +

Dieser Link ist 24 Stunden gültig. Falls du dich nicht bei ManaCore registriert hast, kannst du diese E-Mail ignorieren.

+ +
+ +

+ Diese E-Mail wurde automatisch von ManaCore gesendet.
+ Falls der Button nicht funktioniert, kopiere diesen Link in deinen Browser:
+ ${verificationUrl} +

+ + +`, + }); +} + /** * Send welcome/verification email */